You have probably come across a lot of spam/scam emails that ask you to log in on some fake website or to submit your personal information. Usually, such phishing emails target financial data, personal details, or login details for different websites. Sometimes, however, scam emails are sent to the domain or hosting owners in an attempt to steal a service or extort money.

We will look at five of the most common scams – in what way the scammers are trying to trick you and what you can do to protect yourself from such scam attempts. You can also check our article on detecting common phishing attacks here: An Overview of Online Phishing Attacks in 2021.

1. Domain appraisal

Scam scheme: Scammers send an email to the domain owner asking if they are willing to sell their domain name and then mention there is a potential buyer. The offer is usually tempting enough to make people consider selling their domain. If the owner agrees, the scammer asks them to get a domain appraisal service to make sure the offer is good for both sides. Of course, the service is run by the scammer and the “buyer” stops responding until the domain owner buys the service. If the email address associated with the domain is not publicly visible due to privacy protection or GDPR compliance, the scammer may send a spoofed email, trying to convince the domain owner that the scam messages have already been approved by the registrar.

What to do: For a start, do not pay anything for any service. If anybody wants to buy your domain name and they are offering you several hundred or even several thousand dollars, they should have $50 to pay for the appraisal themselves. If they insist that you pay, simply stop responding as this is clearly a scam. If you want to find out how much your domain name is worth, there are lots of free online tools to do that. If you are willing to sell the domain, you should use a legitimate marketplace that offers an escrow service. Some marketplaces offer an appraisal service, which you can trust.

2. Domain renewal

Scam scheme: This is the so-called domain slamming. A registrar sends an email to the domain owner, stating that the domain is about to expire. If the owner wants to renew that domain, they are prompted to pay, but they are also asked for the EPP transfer code of the domain. The scam here is that the email is not sent from the current registrar company for that domain name, but from one that wants to trick the owner into transferring the domain to them. While a domain name with the vast majority of extensions will be renewed after the transfer, this is a bad practice that takes advantage of the ignorance of most domain owners. Some of them don’t pay much attention to what they click; others simply panic that they will lose their domain, so they go ahead with the payment.

There are several implications here. You will probably pay more than you should; your website and/or emails may go offline; but worst of all, you may lose control of your domain name as it will be in control of a company that has deliberately scammed you.

What to do: For a start, always look carefully at the renewal notices you receive. Their wording can often tell you if they are legitimate or not. Here are a few things you can do to make sure you are not being scammed:

  • Check the sender's email address. Renewal notices should be sent by your registrar, or by the company where you registered the domain name, as you may have registered it through a reseller. As the sender's email address may have been spoofed, look for an option to view the source code of the message in your webmail/desktop application to see the sending server. You can also enable anti-spam protection for your mailbox. We offer the powerful SpamAssassin platform for all mailboxes hosted on our servers, for example. Using such protection can stop spoofed messages from being delivered to your mailbox.
  • Look for certain keywords. These are usually words like “offer”, “solicitation” or something similar. Such emails are not illegal as long as they mention what they are about. It is your responsibility to read them carefully. You may also see phrases like “we have not received your payment”, “your domain certificate will expire” or something else that may be true, but has nothing to do with your domain name (they have not received a payment from you as you have no services with them at all).
  • Check the links you are about to click. If you are not familiar with the URL you are prompted to click, ignore it. To make sure that you are not being tricked, mouse over the link in the email and check the actual URL on the bottom left of your browser/email client.
  • Renew your domains only from your account. Companies often send direct renewal links for your convenience. If you have any doubts, however, you can always log in to your account where you usually manage your domain names and renew them there.
  • Renew your domain names for multiple years. Unless you need a domain name for a one-time project to let it go once it expires, you can renew all your domains several years in advance. This way, you will know that any renewal-related emails are a scam.
  • Enable auto-renewal if available. This is the easiest way to keep your domain name active and to ignore any renewal notices you receive as you will not have to do anything. Of course, scammers are creative sometimes and send emails saying that an automatic payment has failed, but if you receive such a message, you can contact your provider right away. This way, you won’t be taking any chances.

You can activate automatic renewal for any service you have with us with just a click. Whether you have a domain name, a hosting plan, or an SSL certificate, you won’t have to renew them manually, so you won’t have to worry about any scam emails regarding the renewal of your services. You can easily see which service is set to auto-renew in the Account panel.

3. SEO services offer.

Scam scheme: Some companies that offer SEO services send emails to domain owners, tricking them into thinking that their domain name is about to expire. The wording of the emails is important – if you don’t read the message carefully, it is very easy to think it is about your domain name. People often skip through the content, so if you come across “expiration of your domain name []” or “important expiration notification”, it is easy to get deceived. In reality, such emails have nothing to do with the registration/renewal of your domain name. They are simply trying to make you pay for SEO services/search engine listing.

What to do: Similar to any other email that mentions your domain name, read the entire message carefully. Look for keywords – if you notice anything about “SEO”, “offer” or “immediate action”, you can be sure the email is not legitimate. Check the WHOIS details of your domain to make sure that it is not going to expire soon. If it is, or if you have any doubts, log in to your account to see the date there. If needed, you can always contact your domain provider as well.

Naturally, if you do not recognize the web address you are asked to visit, do not click on any link. You should make any payment either through a direct secure link that you recognize or through the account panel where you manage your domain name. Even if you need SEO services, a scam email is not the way to get them. Depending on what exactly you need, you can order such a service either through your hosting provider or through a company that offers dedicated SEO services.

4. "I've got your email".

Scam scheme: This was a very popular scheme a couple of years ago, but you can still receive such emails now and then. The message says that the scammer has gained access to your email address and is now in possession of materials that can compromise your reputation. In the general case, these are adult materials – either ones that you have allegedly viewed online or ones that allegedly include yourself. The scammer demands money, usually in a cryptocurrency, or threatens you to send the compromising materials to your contacts. One thing that may get you worried in this case is that these particular messages appear to have been sent from your email address.

What to do: First of all, take a deep breath and relax. Your personal life is nobody’s concern, but what is more important – the email is a scam and nobody has access to your messages. The content of these emails is generic and although it may vary a bit, it is just an attempt of some scammer to extort you for money. Nonetheless, here are a few steps you can take:

  • Change your password from a different computer. Although this is not something necessary, it is just a precaution.
  • Check the headers of the message. In simple terms, this is the technical information of the message that shows the sending and the receiving servers. If you check the sending server, you can easily see if it is the one that handles messages for your domain name or not. If an email appears to be sent from your mailbox, almost certainly it has been spoofed – the sending address has been masked to appear as your own, but in fact, the message has been sent from a different email address and through a different mail server.
  • Enable SPF/DKIM records. These are text (TXT) records that can prevent the spoofing of your email address. The SPF record defines the mail servers that are allowed to send messages for a particular domain name. The DKIM record adds a digital signature to messages to sign them as being authentic. If a mail server is configured to check these records for incoming messages and the check fails, the messages will be either rejected or flagged as spam/scam. For more detailed information about the records and how to create them if you have a hosting account with ICDSoft or with another provider, check our article here: How to add SPF and DKIM records
  • Enable anti-spam protection. Scam emails follow similar patterns, so most of them are easy to detect. If you enable anti-spam protection for your mailbox, you will not receive any of the "I’ve got your email” messages.
  • Contact the support team. If you use a hosting provider that you can contact easily, you can ask the support team to check the server logs for any unauthorized access to your mailbox. While this is not something you must do, it will give you the peace of mind you probably need after seeing the extortion email. This way, you will be sure that nobody has access to your mailbox.

5. Fake hosting invoice.

Scam scheme: This is another popular scheme that targets website owners. What is different here is that the scammers send not only emails but also regular snail mail with instructions. The scheme is simple – they contact website owners to inform them that their hosting account is about to expire. Often, they send an unpaid invoice to trick people into thinking that they have an outstanding balance. Of course, there is a payment link leading to a platform maintained by the scammers. Most of the emails come from a company called Web Host Agents and unfortunately, a lot of people fall for this fraud.

What to do: Whenever you receive a notification that your account is about to expire, do not pay any pending invoice mentioned in the email immediately. If your site is down, paying a scammer will not bring it back online, so you should check carefully the unpaid invoice you have received. There are a few things to look for:

  • Is the sender legitimate? If you are not sure, check previous emails you have received from your hosting provider – invoices, payment receipts, account information emails, etc. If you notice the email address the new message has been sent from is different, be extremely cautious. Contact your hosting provider before you take any other action.
  • Are the amount and the services correct? A third-party company will not know the exact services you have or how much they cost. Any discrepancy you notice means that the email is almost certainly not legitimate, so you should delete it.
  • Is the content ambiguous? Fake invoice emails usually contain phrases like “act immediately”, “don’t lose your website” and other similar ones that urge you to pay right away. Legitimate hosting providers will notify you about upcoming expiration in advance and will not use such phrases.

If you have any doubts about the expiration date of your hosting plan, about any outstanding balance that would generate an unpaid invoice, or about the legitimacy of the invoice/notification you have received, login to your account (using a bookmark, or typing the address manually) to check its standing or contact your hosting provider.

Wrap Up

There are hundreds of millions of registered domain names and most of them are hosted in personal hosting accounts, not enterprise ones. Any domain/website owner is a potential victim of several different scams related to the services they use. We showed you five of the most popular ones. Some of them rely on your negligence when it comes to reading seemingly standard notifications, others try to grab your interest by offering you money or services, but some emails can be classified as straightforward extortion. What is common between all of them is that they are not simple notifications, but they demand that you pay for one reason or another.

If you have any doubts about any email that mentions your domain name or hosting/email service, you should not click on any link in it or pay any amount until you have a closer look. Check who sent the email and what the text is about. If you notice any discrepancies in the services or the amount mentioned in the email, or if you are urged to act quickly, you can almost be certain that there is something fishy. This is why you should always log in to your account and/or contact your hosting or domain provider to double-check if any information in the suspicious email is legitimate or not.


A web hosting provider since 2001. We host over 58,000 websites for customers in over 140 countries around the globe.